This certification validates experienced security operations engineers on their knowledge and skills in installation, deployment configuration, post-deployment management and configuration, data source onboarding and integration configuration, playbook creation, and detection engineering using Cortex XSIAM in security operations environments.
This certification is designed for security operations engineers, security engineers, XSIAM and SIEM engineers, detection engineers, security architects, security operations support engineers, and individuals responsible for deployment, configuration, data onboarding, playbook creation, and troubleshooting in security operations environments.
Skills Required
- Working knowledge of security operations
- Basic understanding of network security, infrastructure, protocols, and topology
- Working knowledge of endpoint OS fundamentals and security hardening methods
- Working knowledge of SIEM and security operations technology
- Basic knowledge of current and emergent trends in information security
- Ability to apply security models / architectures (e.g., defense-in-depth, Zero Trust)
- Working knowledge of programming and scripting languages (e.g., Python, PowerShell, SQL, RegEx, XQL)
- Ability to implement automation and orchestration for efficient incident handling
- Ability to ingest data from threat and vulnerability feeds and determine applicability to the organization
- Working knowledge of log source onboarding, log normalization, and parsing
- Ability to integrate products and tools, including third-party products and tools
- Ability to configure agents, including policies and profiles
- Ability to ensure the availability, integrity, and security of data through monitoring
- Working knowledge of security frameworks (e.g., MITRE ATT&CK)
- Basic understanding of vulnerability management
- Basic understanding of threat intelligence management
- Familiarity with common data formats and data transformation (e.g., JSON, XML, CEF)
- Basic understanding of SaaS architectures